There is a proposed rule under consideration. This is a week old, and proposes specific governance changes for Software Defined Radios, which affects WiFi on any device -- routers, handsets, workstations, refrigerators... Relevant excerpt:

Quote:

To minimize the potential for unauthorized modification to the software that controls the RF parameters of the device, grantees would have to implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved. All manufacturers of devices that have software-based control of RF parameters would have to provide specific information about the software capabilities of their devices. The Commission proposed to require that an applicant for certification explicitly describe the RF device's capabilities for software configuration and upgradeability in the application for certification. This description would include all frequency bands, power levels, modulation types, or other modes of operation for which the device is designed to operate, including modes not enabled in the device as initially marketed. Also, an applicant for certification would have to specify which parties will be authorized to make software changes (e.g., the grantee, wireless service provider, other authorized parties) and the software controls that are provided to prevent unauthorized parties from enabling different modes of operation.

The second is not a proposal, it is a guidance document for U-NII (IEEE 802.11a) certification. Of note is a requirement to address Third-Party Access Control, which asks the vendor:

Quote:

What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.

Last edited by jggimi; 1st September 2015 at 03:28 PM.
Reason: clarity, adjusted a link

What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.

This is particularly interesting as there are several router vendors, Buffalo in particular, that offer products specifically designed for, and pre-loaded with, DD-WRT.

The ruling regarding U-NII certification one year earlier required the vendor to secure the devices from unauthorized modification. And, in their applications, vendors must clearly describe their security and authentication mechanisms, and firmware installation governance.

Most likely, Buffalo has not applied for certifications since March 31, 2015 for their 802.11a devices, since they mention loading anyone else's build of DD-WRT voids the warranty.

But let us conduct a thought experiment. Suppose a vendor has applied. Suppose they stated clearly that their firmware they supply is a vendor-controlled build of DD-WRT, that firmware upgrades require customer authentication with physical access, and that they use TLS encryption to transfer firmware builds to the customer, with SHA256 hash signatures. Let us further state that they *permit* the authorized customer to load their own firmware, but that this voids their warranty.

The 2014 ruling specifies that only authorized firmware, as defined by the vendor, should be able to be installed. (A third-party DD-WRT load would violate that requirement.)

I guess that the FCC would deny the certification of this type of product today.

For the 5Ghz band, new products must have a way to authenticate firmwares to be installed, and the vendor's firmware installation procedures must authenticate the firmware before installing. But I also guess that the firmware could be a vendor build of DD-WRT, such as Buffalo uses.

Most likely, Buffalo has not applied for certifications since March 31, 2015 for their 802.11a devices, since they mention loading anyone else's build of DD-WRT voids the warranty.
:
:
:

I guess that the FCC would deny the certification of this type of product today.

For the 5Ghz band, new products must have a way to authenticate firmwares to be installed, and the vendor's firmware installation procedures must authenticate the firmware before installing. But I also guess that the firmware could be a vendor build of DD-WRT, such as Buffalo uses.

There does not appear to be much of a future for DD-WRT except for those who tenaciously hold on to legacy hardware. I have not looked a 5GHz wireless cards - are there any that do not require firmware.

Thinking out loud about the possibility of making my own OpenBSD arm based wireless router.

One of our key goals is to protect against harmful interference by calling on manufacturers to secure their devices against third party software modifications that would take a device out of its RF compliance. Yet, as the record shows, there is concern that our proposed rules could have the unintended consequence of causing manufacturers to “lock down” their devices and prevent all software modifications, including those impacting security vulnerabilities and other changes on which users rely. Eliciting this kind of feedback is the very reason that we sought comment in an NPRM and we are pleased to have received the feedback that will inform our decision-making on this matter.